A vulnerability in the popular third-party plugin 1 Flash Gallery has been identified by multiple independent sources. The vulnerability allows attackers to perform an arbitrary file upload (usually a malicious PHP script or the like), which can then be used to perform various undesirable actions from the victim's server (typically running a spam e-mail relay). An attack string looks something like this:
/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&
The problem occurs because the plugin fails to perform adequate validation checks on uploaded files (it should accept only image files). The vulnerability is present in versions 1.30 through 1.5.7. Version 1.5.8 is available from the Official WordPress Plugin Directory. Updating immediately is recommended. If this is not possible, you may want to consider removing or otherwise thoroughly disabling the plugin until you can address the issue.
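To show what "only allow images" has to mean on the server side, here is an added example that is not code from the plugin or from this post. It is written in Python rather than PHP so it runs stand-alone; the function name, the allowlist and the sample uploads are all assumptions made for the illustration. It requires the filename to carry exactly one allowlisted image extension, requires the file bytes to begin with the matching image signature, and rejects any file that contains a PHP open tag even when the signature looks right.

```python
import os
import re
from typing import Tuple

# Allowlist of image extensions and the magic bytes each must start with.
# (Assumed set for this example; extend it to the formats the site needs.)
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Exactly one dot is allowed, so "name.php.jpg"-style double extensions
# are rejected before any other check runs.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$")

# PHP open tags. "<?xml" / "<?xpacket" are legitimate inside image metadata,
# so only the PHP-specific forms are treated as disqualifying.
_PHP_TAGS = (b"<?php", b"<?=")


def validate_image_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Decide whether an upload may be stored. Returns (accepted, reason).

    Together the checks cover what the advisory says the plugin lacked:
    a single allowlisted image extension, matching image signature bytes,
    and no embedded PHP code.
    """
    base = os.path.basename(filename)          # drop any path components
    match = _SAFE_NAME.match(base)
    if not match:
        return False, "filename must be <name>.<ext> with a single extension"
    ext = match.group(1).lower()
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension .{ext} is not an allowed image type"
    if not any(content.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, "file content does not match the declared image type"
    if any(tag in content for tag in _PHP_TAGS):
        return False, "image contains embedded PHP code"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: one genuine-looking JPEG header, three rejects.
    samples = [
        ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("script.php", b"<?php echo 'x'; ?>"),
        ("script.php.jpg", b"\xff\xd8\xff\xe0"),
        ("banner.gif", b"GIF89a" + b"<?php echo 'x'; ?>"),
    ]
    for name, data in samples:
        print(name, validate_image_upload(name, data))
```

Even with these checks, an accepted file should be written under a server-generated name (never the name the client supplied) into a directory where the web server does not execute scripts, so that a validation mistake cannot turn into code execution.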
Users may also wish to review their server access logs for a string resembling the one above as well as any unusual activity (the mail log is a good place to check for subsequent exploits).
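For the log review suggested above, here is an added example (not from this post) that scans web-server access log lines in the common Apache/nginx combined format for requests to the plugin's upload.php endpoint and reports who made them, when, and what status the server returned. The function names and the sample log lines are constructed for the illustration; the client addresses come from documentation ranges.

```python
import re
import sys
from typing import Dict, Iterable, List

# Combined log format: client, ident, user, [timestamp], "request line", status, size.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The endpoint from the advisory's attack string, matched case-insensitively.
UPLOAD_ENDPOINT = re.compile(r'/wp-content/plugins/1-flash-gallery/upload\.php', re.I)


def find_upload_attempts(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one record per request that hit the vulnerable upload endpoint.

    Lines that do not parse as combined-format entries are skipped, so the
    scanner can be pointed at a whole log without pre-filtering.
    """
    hits: List[Dict[str, object]] = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        path = match.group("path")
        if not UPLOAD_ENDPOINT.search(path):
            continue
        query = path.partition("?")[2].lower()
        hits.append({
            "ip": match.group("ip"),
            "time": match.group("time"),
            "method": match.group("method"),
            "status": int(match.group("status")),
            # The advisory's string carries action=uploadify; flag it explicitly.
            "action_uploadify": "action=uploadify" in query,
        })
    return hits


def scan_access_log(path: str) -> List[Dict[str, object]]:
    """Read an access log file and return the matching requests."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_upload_attempts(fh)


# Constructed sample log: one ordinary page view and two requests to upload.php.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2011:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.5 - - [10/Nov/2011:13:55:41 +0000] "POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify& HTTP/1.1" 200 87
198.51.100.7 - - [10/Nov/2011:14:02:10 +0000] "GET /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify& HTTP/1.1" 404 210
""".splitlines()


if __name__ == "__main__":
    # Pass a log path to scan a real file; with no argument the sample is used.
    records = scan_access_log(sys.argv[1]) if len(sys.argv) > 1 else find_upload_attempts(SAMPLE_LOG)
    for rec in records:
        print(f"{rec['time']} {rec['ip']} {rec['method']} status={rec['status']} "
              f"uploadify={rec['action_uploadify']}")
```

A 200 response on a POST to this endpoint while the vulnerable version was installed is the case worth treating as a probable successful upload and following up in the upload directory and the mail log; a 404 after the plugin has been removed shows the scanning continues but the endpoint is gone.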
I'm the front-man of It's WordPress. I come from a diverse array of backgrounds, enjoying the opportunity to expand my knowledge base and skill set by re-inventing myself. I enjoy environments that focus on emerging information, technology and concepts. I put on the technical hat in my early 20s and never really looked back. I love technology and the internet, as well as the outdoors, and avidly hike, kayak and camp every chance I get.
Thanks for the comment, Mitschelen30. We exclusively use WordPress in our projects. It is a great platform with an amazingly talented and giving user community.
You have a really interesting blog, keep up posting such informative posts!
Great blog, did you use WordPress or BlogEngine? I made a few blogs myself 🙂 It takes time but it is worth it!